Users should not be able to grab direct image urls and spread them. How to do?

lady_vader

Joined: 2006-08-29
Posts: 19

Posted: Sat, 2006-09-02 18:23

Hello!

I've set albums to be hidden, so that only registered users can see it, and then removed "all users"-permissions and only set for certain groups of users.
I've tried to apply password protecting album, but I do not know how it really works.

But users still can open the original picture and then grab the image url for it, and then spread it. It still works to do so despite above settings.

How do I do so that you can't do that?

Alternatively I could accept that you can "move around" the url sometimes so that an old url will not work anymore. But I do know how I could do that though.

Gallery version = 2.1.2 core 1.1.0.2
PHP version = 4.3.9 apache2handler
Webserver = Apache/2.0.52 (CentOS)
Database = mysqlt 4.1.20, lock.system=database
Toolkits = ArchiveUpload, NetPBM, Thumbnail, Gd, ImageMagick, SquareThumb
Acceleration = none, none
Operating system = Linux tyan.monostar.net 2.6.9-42.0.2.EL #1 Tue Aug 22 23:56:05 CDT 2006 i686
Default theme = matrix
Locale = en_US
Browser = Mozilla/5.0 (Windows; U; Windows NT 5.0; sv-SE; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

fryfrog

Joined: 2002-10-30
Posts: 3236

Posted: Tue, 2006-09-05 02:53

It is *not* possible to bypass the permissions of G2. The "direct" URL you see for an image is not *actually* a direct URL. If it looks pretty, you are using the rewrite module which cleans up urls and makes them *look* real. If you aren't, you will see they are filtered through main.php. So your problem is a permissions related one. You just need to muck about until you get it right, the permissions UI is probably one of the hardest parts of G2 to get your brain wrapped around.

If you are looking for some free advertisement from the bandwidth leeching bastards, the url rewrite module also has a few features to help. You can choose to watermark all hotlinked items, block hotlinked items (a bit annoying this one, since sometimes you *want* to do it) or simply send some HTML instead of the image. I imagine something like <a href="http://lemonparty.com">Click Here for the Image</a> is very rewarding. Btw, don't visit that url ;p
_________________________________
Support & Documentation || Donate to Gallery || My Website

lady_vader

Joined: 2006-08-29
Posts: 19

Posted: Tue, 2006-09-05 03:04

Interesting, I think it is working now as I think it was that I was logged in and never logged out when I tried to paste the url. Now I did it in 2 different browsers, from one to other (to cancel out eventual cache) and was sure that I was logged out and I didn't get access to pic. Whew! And yes you're right it is filtered through main.php.

Thank you for your reply.

RossiUnited

Joined: 2006-08-21
Posts: 27

Posted: Mon, 2006-09-11 17:52

Quote:

If you are looking for some free advertisement from the bandwidth leeching bastards, the url rewrite module also has a few features to help. You can choose to watermark all hotlinked items, block hotlinked items (a bit annoying this one, since sometimes you *want* to do it) or simply send some HTML instead of the image. I imagine something like <a href="http://lemonparty.com">Click Here for the Image</a> is very rewarding. Btw, don't visit that url ;p

How do you do this? I looked in the URL Rewrite section on site admin and can't see where to insert these html/watermark etc?! When I click on "setup" in that section it says this

"Approved referers
The parser you have selected does not support a referer check."

lady_vader Joined: 2006-08-29 Posts: 19	Posted: Sat, 2006-09-02 18:23
	Hello! I've set albums to be hidden, so that only registered users can see it, and then removed "all users"-permissions and only set for certain groups of users. I've tried to apply password protecting album, but I do not know how it really works. But users still can open the original picture and then grab the image url for it, and then spread it. It still works to do so despite above settings. How do I do so that you can't do that? Alternatively I could accept that you can "move around" the url sometimes so that an old url will not work anymore. But I do know how I could do that though. Gallery version = 2.1.2 core 1.1.0.2 PHP version = 4.3.9 apache2handler Webserver = Apache/2.0.52 (CentOS) Database = mysqlt 4.1.20, lock.system=database Toolkits = ArchiveUpload, NetPBM, Thumbnail, Gd, ImageMagick, SquareThumb Acceleration = none, none Operating system = Linux tyan.monostar.net 2.6.9-42.0.2.EL #1 Tue Aug 22 23:56:05 CDT 2006 i686 Default theme = matrix Locale = en_US Browser = Mozilla/5.0 (Windows; U; Windows NT 5.0; sv-SE; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
	XUser login Username: * Password: * Create new account Request new password
fryfrog Joined: 2002-10-30 Posts: 3236	Posted: Tue, 2006-09-05 02:53
	It is not possible to bypass the permissions of G2. The "direct" URL you see for an image is not actually a direct URL. If it looks pretty, you are using the rewrite module which cleans up urls and makes them look real. If you aren't, you will see they are filtered through main.php. So your problem is a permissions related one. You just need to muck about until you get it right, the permissions UI is probably one of the hardest parts of G2 to get your brain wrapped around. If you are looking for some free advertisement from the bandwidth leeching bastards, the url rewrite module also has a few features to help. You can choose to watermark all hotlinked items, block hotlinked items (a bit annoying this one, since sometimes you want to do it) or simply send some HTML instead of the image. I imagine something like <a href="http://lemonparty.com">Click Here for the Image</a> is very rewarding. Btw, don't visit that url ;p _________________________________ Support & Documentation \|\| Donate to Gallery \|\| My Website

lady_vader Joined: 2006-08-29 Posts: 19	Posted: Tue, 2006-09-05 03:04
	Interesting, I think it is working now as I think it was that I was logged in and never logged out when I tried to paste the url. Now I did it in 2 different browsers, from one to other (to cancel out eventual cache) and was sure that I was logged out and I didn't get access to pic. Whew! And yes you're right it is filtered through main.php. Thank you for your reply.

RossiUnited Joined: 2006-08-21 Posts: 27	Posted: Mon, 2006-09-11 17:52
	Quote: If you are looking for some free advertisement from the bandwidth leeching bastards, the url rewrite module also has a few features to help. You can choose to watermark all hotlinked items, block hotlinked items (a bit annoying this one, since sometimes you want to do it) or simply send some HTML instead of the image. I imagine something like <a href="http://lemonparty.com">Click Here for the Image</a> is very rewarding. Btw, don't visit that url ;p How do you do this? I looked in the URL Rewrite section on site admin and can't see where to insert these html/watermark etc?! When I click on "setup" in that section it says this "Approved referers The parser you have selected does not support a referer check."

Users should not be able to grab direct image urls and spread them. How to do?

XUser login